CVE-2024-6069

Name of the Vulnerable Software and Affected Versions: The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress versions up to, and including, 3.8.3.4

Description: The issue allows authenticated attackers with Subscriber-level access and above to install, activate, and deactivate arbitrary plugins due to missing capability checks on the pieregister install addon, pieregister activate addon, and pieregister deactivate addon functions. This could lead to code execution on the targeted server.

Recommendations: For versions up to, and including, 3.8.3.4, consider disabling the pieregister install addon, pieregister activate addon, and pieregister deactivate addon functions until a patch is available to prevent unauthorized plugin installation and activation/deactivation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.